Commit Graph

1324 Commits

Author SHA1 Message Date
Juan David Martínez Cubillos 7b70905326
FIX: Sanitization issue when replacing default emoji with custom emoji that contains or ~/Discourse/discourse symbols (#30053) 2024-12-03 19:27:12 -05:00
Loïc Guitaut cf2b4d9934 DEV: Apply new Rubocop linting on services 2024-12-02 17:31:36 +01:00
Jarek Radosz b3423c40b0
DEV: Fix random typos (#30023)
(late) Nov 2024 edition
2024-12-02 07:34:05 +08:00
Régis Hanol 7d58793759
DEV: deduplicate inline styles in emails (#30015)
In order to limit issues with duplicate inline CSS definitions, this will now deduplicate inline CSS styles with the "last-to-be-defined-wins" strategy.

Also removes unecessary whitespaces in inline styles.

Context - https://meta.discourse.org/t/resolve-final-styles-in-email-notifications/310219

Co-authored-by: Thomas Kalka <thomas.kalka@gmail.com>
2024-11-30 16:38:45 +01:00
Jarek Radosz 85ead5ac7a
Revert "FIX: deduplicate css in mails (#30003)" (#30013)
This reverts commit 6e726d436f.

The specs were failing in the original PR but the CI didn't run.
2024-11-30 15:32:32 +01:00
Thomas Kalka 6e726d436f
FIX: deduplicate css in mails (#30003)
Feature: Resolve final styles in email notifications

Context - https://meta.discourse.org/t/resolve-final-styles-in-email-notifications/310219
2024-11-30 14:51:02 +01:00
Sam 07813ba83c
DEV: fix hanging spec (#29974) 2024-11-28 11:06:19 +08:00
Ted Johansson 2d945e2373
DEV: Enable the normalize_emails site setting by default (#29952) 2024-11-28 10:23:00 +08:00
Sam 72132c35fb
DEV: fix flaky spec (#29972)
Spec was flaky cause work could still be in pipeline after the defer
length is 0. Our length denotes the backlog, not the in progress
count.

This adds a mechanism for gracefully stopping the queue and avoids
wait_for callse
2024-11-28 11:21:35 +11:00
Loïc Guitaut d6bec460a8 DEV: Upgrade Rails to version 7.2 2024-11-27 10:48:47 +01:00
Martin Brennan 2ef9d6ac47
FEATURE: Allow admins to force refresh "What's new?" (#29911)
Sometimes changes to "What's new?" feed items are made or the feed items are
removed altogether, and the polling interval to check for new features is 1 day.

This is quite long, so this commit introduces a "Check for updates"
button for admins to click on the "What's new?" page which will bust
the cache for the feed and check again at the new features endpoint.
This is limited to 5 times per minute to avoid rapid sending of
requests.
2024-11-27 09:40:55 +10:00
Martin Brennan b8a5f95eb6
FIX: Handle multiple In-Reply-To Message-ID in group inbox (#29912)
This fix handles the case where an In-Reply-To mail header
can contain multiple Message-IDs. We use this header to
try look up an EmailLog record to find the post to reply
to in the group email inbox flow.

Since the case where multiple In-Reply-To Message-IDs is
rare (we've only seen a couple of instances of this causing
errors in the wild), we are just going to use the first one
in the array.

Also, Discourse does not support replying to multiple posts
at once, so it doesn't really make sense to use multiple
In-Reply-To Message-IDs anyway.
2024-11-26 11:12:40 +10:00
Selase Krakani a20b7fa83f
DEV: Gracefully handle `regex_replace` max column length violations (#29787)
* DEV: Gracefully handle `regex_replace` violations of column length constraints

This is a follow-up to the `remap` [refactor](9b0cfa99c5).
Similar to `remap`, the entire `regex_replace` operation fails if the new content exceeds the column’s max length.

This change introduces an optional mode, controlled by the new `skip_max_length_violations` param
to skip records eligible for `regex_replace`  where the new content violates the max column length constraint.

It also includes updates to the exception message raised when `regex_replace` fails to include more details

* DEV: Remove string escapes in heredoc text
2024-11-25 11:39:53 +00:00
Mark VanLandingham d880db3b7b
DEV: Apply modifier for topic_view link_counts (#29883) 2024-11-22 14:49:39 -06:00
Loïc Guitaut 719457e430 DEV: Add a `try` step to services
This patch adds a new step to services named `try`.

It’s useful to rescue exceptions that some steps could raise. That way,
if an exception is caught, the service will stop its execution and can
be inspected like with any other steps.

Just wrap the steps that can raise with a `try` block:
```ruby
try do
  step :step_that_can_raise
  step :another_step_that_can_raise
end
```
By default, `try` will catch any exception inheriting from
`StandardError`, but we can specify what exceptions to catch:
```ruby
try(ArgumentError, RuntimeError) do
  step :will_raise
end
```

An outcome matcher has been added: `on_exceptions`. By default it will
be executed for any exception caught by the `try` step.
Here also, we can specify what exceptions to catch:
```ruby
on_exceptions(ArgumentError, RuntimeError) do |exception|
  …
end
```

Finally, an RSpec matcher has been added:
```ruby
  it { is_expected.to fail_with_exception }
  # or
  it { is_expected.to fail_with_exception(ArgumentError) }
```
2024-11-19 12:01:07 +01:00
Selase Krakani 9b0cfa99c5
DEV: Gracefully handle remaps which violate DB column constraints (#29501)
* DEV: Gracefully handle remaps which violate DB column constraints

This change implements length constraint enforcement to skip remaps
which exceed column max lengths

* DEV: Only perform skipped column stats lookup when verbose is true

* DEV: Tidy up specs

* DEV: Make skipping violating remap behaviour opt-in

This change introduces a new `skip_max_length_violations` param for
`remap`, set to `false` by default to ensure we still continue to fail
hard when max lenth constraints are violated.

To aid in quick resolution when remaps fail, this change also
adds more context to the exception message to include the offending table
and column information

* Apply suggestions from code review

Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>

* FIX: Various fixes

- Linter errors
- Remap status "logger" early return condition

---------

Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2024-11-15 10:42:25 +00:00
Jan Cernik 234133bd3b
UX: Split `hide_profile_and_presence` user option (#29632)
It splits the hide_profile_and_presence user option and the default_hide_profile_and_presence site setting for more granular control. It keeps the option to hide the profile under /u/username/preferences/interface and adds the presence toggle in the quick user menu.

Co-authored-by: Régis Hanol <regis@hanol.fr>
2024-11-12 22:22:58 -03:00
Loïc Guitaut d637bd6519
DEV: Don’t replace Rails logger in specs (#29721)
Instead of replacing the Rails logger in specs, we can instead use
`#broadcast_to` which has been introduced in Rails 7.
2024-11-13 08:47:39 +08:00
Martin Brennan 7f1e403a25
Revert "DEV: Enable the normalize_emails site setting by default (#29587)" (#29712)
This reverts commit 7d9d98422c.
2024-11-12 10:23:02 +10:00
Angus McLeod cb4b8146a3
Add dedicated user_api_key_clients table to allow for 1:many use cases (#28119) 2024-11-08 12:05:03 -05:00
Alan Guo Xiang Tan af642d0d69
Revert "FEATURE: Mark bad uploads with :invalid_url (#29640)" (#29657)
This reverts commit 5a00a041f1.

Implementation is currently not correct. Multiple uploads can share the
same etag but have different paths in the S3 bucket.
2024-11-08 13:04:52 +08:00
Bianca Nenciu 5a00a041f1
FEATURE: Mark bad uploads with :invalid_url (#29640)
A "bad upload" in this context is a upload with a mismatched URL. This can happen when changing the S3 bucket used for uploads and the upload records in the database have not been remapped correctly.
2024-11-08 08:05:14 +08:00
Martin Brennan 0568d36133
FIX: Use dualstack S3 endpoint for direct uploads (#29611)
When we added direct S3 uploads to Discourse, which use
presigned URLs, we never took into account the dualstack
endpoints for IPv6 on S3.

This commit fixes the issue by using the dualstack endpoints
for presigned URLs and requests, which are used in the
get-presigned-put and batch-presign-urls endpoints used when
directly uploading to S3.

It also makes regular S3 requests for `put` and so on use
dualstack URLs. It doesn't seem like there is a downside to
doing this, but a bunch of specs needed to be updated to reflect this.
2024-11-07 11:06:39 +10:00
Gabriel Grubba 75beb5a84f
FIX: Change create_post_for_category_and_tag_changes setting to use whispers instead of small actions (#29602)
It currently can leak private tags/categories, to address this we are moving to whispers.
2024-11-06 09:28:28 -03:00
Ted Johansson 7d9d98422c
DEV: Enable the normalize_emails site setting by default (#29587)
The normalize_emails setting makes it so that only canonical e-mails are considered for validation purposes. This means disallowing "plus addressing". For example, with this enabled, bob@discourse.org and bob+foo@discourse.org are considered the same address, and you can only sign up with one of them.

Currently this is disabled by default, leading to a lot of spam sign-ups. It's healthier to consider this an opt-out setting.
2024-11-06 11:20:36 +08:00
Alan Guo Xiang Tan 57f4176b57
DEV: Bump rubocop_discourse (#29608) 2024-11-06 06:27:49 +08:00
Martin Brennan d5b328b193
DEV: Site setting keyword changes (#29486)
This commit contains two changes to how our site setting
keyword system works:

1. Crowdin, our translation provider, does not support YAML lists,
   so we are changing site setting keywords in server.en.yml to
   be pipe-separated (|)
2. It's unclear to translators what they are supposed to do with
   aliases of site settings where the name has changed, e.g.
   min_trust_level_for_here_mention. Instead of getting these as
   keywords from the yml file, we can discern these from
   SiteSettings::DeprecatedSettings automatically, and still use
   them for client-side search

These changes should help improve the situation for translators.
2024-10-31 13:18:34 +10:00
Osama Sayegh 2ffe413b0b
FEATURE: Enable the new /about page for everyone (#29390)
This commit removes the feature flag for the new /about page, enabling it for all sites, and removes the code for old the /about page.

Internal topic: t/140413.
2024-10-29 18:40:11 +03:00
Krzysztof Kotlarek 0839bce7b6
DEV: allow the plugin to register valid site setting areas (#29432)
In this PR, we defined the ability to group site settings by area - https://github.com/discourse/discourse/pull/28570

Plugins should be able to register in their own areas.
2024-10-29 09:40:31 +11:00
Loïc Guitaut 584424594e DEV: Replace `params` by the contract object in services
This patch replaces the parameters provided to a service through
`params` by the contract object.

That way, it allows better consistency when accessing input params. For
example, if you have a service without a contract, to access a
parameter, you need to use `params[:my_parameter]`. But with a contract,
you do this through `contract.my_parameter`. Now, with this patch,
you’ll be able to access it through `params.my_parameter` or
`params[:my_parameter]`.

Some methods have been added to the contract object to better mimic a
Hash. That way, when accessing/using `params`, you don’t have to think
too much about it:
- `params.my_key` is also accessible through `params[:my_key]`.
- `params.my_key = value` can also be done through `params[:my_key] =
  value`.
- `#slice` and `#merge` are available.
- `#to_hash` has been implemented, so the contract object will be
  automatically cast as a hash by Ruby depending on the context. For
  example, with an AR model, you can do this: `user.update(**params)`.
2024-10-25 14:48:34 +02:00
Loïc Guitaut 41584ab40c DEV: Provide user input to services using `params` key
Currently in services, we don’t make a distinction between input
parameters, options and dependencies.

This can lead to user input modifying the service behavior, whereas it
was not the developer intention.

This patch addresses the issue by changing how data is provided to
services:
- `params` is now used to hold all data coming from outside (typically
  user input from a controller) and a contract will take its values from
  `params`.
- `options` is a new key to provide options to a service. This typically
  allows changing a service behavior at runtime. It is, of course,
  totally optional.
- `dependencies` is actually anything else provided to the service (like
  `guardian`) and available directly from the context object.

The `service_params` helper in controllers has been updated to reflect
those changes, so most of the existing services didn’t need specific
changes.

The options block has the same DSL as contracts, as it’s also based on
`ActiveModel`. There aren’t any validations, though. Here’s an example:
```ruby
options do
  attribute :allow_changing_hidden, :boolean, default: false
end
```
And here’s an example of how to call a service with the new keys:
```ruby
MyService.call(params: { key1: value1, … }, options: { my_option: true }, guardian:, …)
```
2024-10-25 09:57:59 +02:00
Jarek Radosz 587264f9d2
DEV: Remove extraneous spec code (#29386)
namely `js: true`, requiring `rails_helper`, and default `freeze_time` args
2024-10-24 14:15:32 +02:00
Krzysztof Kotlarek cd077ef93b
FIX: visual regression for new features (#29359)
Bug introduced in this PR https://github.com/discourse/discourse/pull/29244

When the experiment toggle button was introduced, new features did not look right when the toggle button was not available.

In addition, the plugin name can be an empty string. In that case, information about new features should be displayed.
2024-10-23 16:16:19 +11:00
Loïc Guitaut f79dd5c8b5 DEV: Stop injecting a service result object in the caller object
Currently, when calling a service with its block form, a `#result`
method is automatically created on the caller object. Even if it never
clashed so far, this could happen.

This patch removes that method, and instead use a more classical way of
doing things: the result object is now provided as an argument to the
main block. This means if we need to access the result object in an
outcome block, it will be done like this from now on:
```ruby
MyService.call(params) do |result|
  on_success do
    # do something with the result object
    do_something(result)
  end
end
```

In the same vein, this patch introduces the ability to match keys from
the result object in the outcome blocks, like we already do with step
definitions in a service. For example:
```ruby
on_success do |model:, contract:|
  do_something(model, contract)
end
```
Instead of
```ruby
on_success do
  do_something(result.model, result.contract)
end
```
2024-10-22 16:58:54 +02:00
Gerhard Schlager 07ff21d045
FIX: Restoring backup could fail due to missing `discourse_functions` (#29332)
Database dumps sometimes reference functions in the `discourse_functions` schema. It's possible that some of these functions have been dropped in a newer version of Discourse. In that case, restoring an older backup will fail with a `ERROR:  function discourse_functions.something_something() does not exist` error. The restore functionality contains a workaround for that problem, but it didn't work with functions created in plugin migrations.

This commit adds support for temporarily creating missing `discourse_functions` from plugins. And it adds a simple check if the DB migration file even contains the required `DROPPED_TABLES` or `DROPPED_COLUMNS` constant. We don't need to create an instance of the DB migration class unless one of those constants is used. This makes the restore slightly faster and works around a problem with migrations that execute without `up` or `down` methods (e.g. `BackfillChatChannelAndThreadLastMessageIdsPostMigrate`).
2024-10-22 16:13:01 +02:00
Krzysztof Kotlarek 433fadbd52
FEATURE: allow admins to enable announced experimental features (#29244)
Toggle the button to enable the experimental site setting from "What's new" announcement.

The toggle button is displayed when:
- site setting exists and is boolean;
- potentially required plugin is enabled.
2024-10-22 10:56:58 +11:00
Régis Hanol 88449541a5
FIX: participating users statistics... (#29293)
* FIX: participating users statistics...

... was (mis-)counting

- bots
- anonymous users
- suspended users

There's now a "valid_users" function that holds the AR query for valid users and which is used in all "users", "active_users", and "participating_users" queries.

Internal ref - t/138435
2024-10-21 18:18:42 +02:00
Ted Johansson 56df077931
FIX: Don't error out on empty reserved_usernames setting (#29305)
We're seeing errors in logs due to some sites setting the reserved_usernames setting to nil. This is causing multiple use cases upstream of User#reserved_username? to error out.

This commit changes from using the raw #reserved_usernames to using the #reserved_usernames_map helper which exists on list-type site settings. It returns an empty array if the raw value is nil or empty string.
2024-10-21 14:38:37 +08:00
David Battersby 48308a5ee6
FIX: show lightbox for small images (#29140)
We want to allow lightboxing of smaller images, even if they are below the minimum size for image thumbnail generation.

This change sets a minimum threshold of 100 x 100 pixels for triggering the lightbox.

---------

Co-authored-by: Régis Hanol <regis@hanol.fr>
2024-10-18 09:45:08 +04:00
Loïc Guitaut 23c486799f DEV: Improve `array` type in service contracts
This patch improves the custom `array` type available in contracts.
It’s now able to split strings on `|` on top of `,`, and to be more
consistent, it also tries to cast the resulting items to integers.
2024-10-17 17:02:02 +02:00
Juan David Martínez Cubillos 789aa2d9de
DEV: Add PluginRegistry modifiers to #review and #recalculate (#29128)
* DEV: Add PluginRegistry modifiers to #review and #recalculate

* added tests

* changed added registry logic
2024-10-16 10:26:10 -05:00
Loïc Guitaut 281570226b DEV: Output failing MF keys when compilation fails
Currently, when the MessageFormat compiler fails on some translations,
we just have the raw output from the compiler in the logs and that’s not
always very helpful.

Now, when there is an error, we iterate over the translation keys and
try to compile them one by one. When we detect one that is failing, it’s
added to a list that is now outputted in the logs. That way, it’s easier
to know which keys are not properly translated, and the problems can be
addressed quicker.

---

The previous implementation of this patch had a bug: it wasn’t handling
locales with country/region code properly. So instead of iterating over
the problematic keys, it was raising an error.
2024-10-15 12:45:23 +02:00
Jeff Wong d92d65fe73
Revert "DEV: Output failing MF keys when compilation fails" (#29200)
This reverts commit 8eff922ace.
2024-10-14 17:42:36 -07:00
Mark VanLandingham 882c2da29e
DEV: Add modifier to SuggestedTopicsBuilder#add_results (#29164) 2024-10-10 10:03:26 -05:00
Jarek Radosz 8105b545c3
DEV: Fix random typos (#29161) 2024-10-10 16:11:55 +02:00
Kelv 32e261ef73
DEV: Migrate user passwords data to UserPassword table (#28746)
* Add migrations to ensure password hash is synced across users & user_passwords

* Persist password-related data in user_passwords instead of users

* Merge User#expire_old_email_tokens with User#expire_tokens_if_password_changed

* Add post deploy migration to mark password-related columns from users table as read-only

* Refactored UserPassword#confirm_password? and changes required to accommodate hashing the password after validations
2024-10-10 09:23:06 +08:00
Alan Guo Xiang Tan ed6c9d1545
DEV: Call Discourse.redis.flushdb after the end of each test (#29117)
There have been too many flaky tests as a result of leaking state in
Redis so it is easier to resolve them by ensuring we flush Redis'
database.

Locally on my machine, calling `Discourse.redis.flushdb` takes around
0.1ms which means this change will have very little impact on test
runtimes.
2024-10-09 07:19:31 +08:00
Loïc Guitaut 229773e7a8 DEV: Drop `OpenStruct` for the context object in services
While using `OpenStruct` is nice, it’s generally not a very good idea as
it usually leads to performance problems.

The `OpenStruct` source code even says basically to avoid it.

Since the context object is crucial in our services, this patch replaces
`OpenStruct` with a custom implementation instead.
2024-10-08 10:34:55 +02:00
Penar Musaraj 92ac6be82a
SECURITY: prevent topic list filtering by hidden tags for unathorized users
This fixes an issue where unathorized users were able to filter topics
by tags that are hidden from them.
2024-10-07 11:48:55 +08:00
Loïc Guitaut 8eff922ace DEV: Output failing MF keys when compilation fails
Currently, when the MessageFormat compiler fails on some translations,
we just have the raw output from the compiler in the logs and that’s not
always very helpful.

Now, when there is an error, we iterate over the translation keys and
try to compile them one by one. When we detect one that is failing, it’s
added to a list that is now outputted in the logs. That way, it’s easier
to know which keys are not properly translated, and the problems can be
addressed quicker.
2024-10-04 23:38:27 +09:00